[Bug 481536] Review Request: enano - Enano CMS, a php-based modular content management system

bugzilla at redhat.com bugzilla at redhat.com
Fri May 29 18:04:25 UTC 2009




https://bugzilla.redhat.com/show_bug.cgi?id=481536





--- Comment #12 from Dan Fuhry <dan at enanocms.org>  2009-05-29 14:04:22 EDT ---
1. The way Enano bundles libraries, we only use parts that are very, very
unlikely to result in security vulnerabilities because they are only ever given
sanitized input.

2. I've checked the validity of these.

    * engine_failsafe: from the phpBB project (v2.0.21), and is GPLv2+.
Clarified in comments in upstream.
    * Tigra: we got them to license it under the GPL. I will be fixing the
comments in upstream shortly.
    * Prefilter: this is an upstream licensing issue for us. Prefilter is from
Text_Wiki. The file is a skeleton anyway. I suspect the author labeled it
wrongly. I'll just rewrite this file for Enano. See:
http://hg.enanocms.org/repos/enano-1.1/file/tip/includes/wikiengine/Render/Plain/Prefilter.php
    * I'm considering removing the graph stuff. It wasn't used for very long
and I was afraid of API breakage which is the only reason it's still in there.
I don't know about stuff under the PHP license; from what I know (and I could
very likely be wrong), it should be legal to link code under the PHP License
with GPL code.
    * The failsafe graph code (with that sketchy comment) is GPL. Citation:
http://google.com/codesearch/p?hl=en#bvpP-RfBwPE/sb_statsbar.php&q=%22function%20BarGraphHoriz%22
      Going by the fact that this file was released in 2006, and it points to
the URL which always shows the latest version of the license, it would be very
safe to assume this means GPLv2 or later. I still might remove it because it's
a stale and unmaintained part of the API.

One quick question. Have you looked at licenses/index.html?
Do that and *then* tell us what our problems are. Every third party component
that's been added to Enano with the exception of public domain code has been
documented in that file, with copies of all relevant licenses included.
